CVE Vulnerabilities - 9 March 2026

RHEL: golang-github-openprinting-ipp-usb Uncontrolled Memory Allocation

RHSA-2026:3977

7.5

Git LFS on Red Hat Systems: Unauthenticated File Access Risk

RHSA-2026:3974

7.5

Git Large File System (LFS) on Red Hat Systems: Data Exposure

RHSA-2026:3973

7.5

Red Hat RHC Worker Playbook Update Fixes Security Flaw

RHSA-2026:3971

7.5

Git Large File Storage (Git LFS) Vulnerability in Red Hat Software

RHSA-2026:3972

7.5

Red Hat RHC Worker Playbook Updated to Fix Security Flaw

RHSA-2026:3970

7.5

Vulnerability in Red Hat's libvpx Video Processing Library

RHSA-2026:3967

7.5

Nordic Router Modem Crash Vulnerability: Malicious Input Causes Device Freeze

CVE-2025-69279

In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional executi...

7.5

Unvalidated Input Crashes Network Router Modem

CVE-2025-69278

In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional executi...

7.5

Apache NiFi Modem Crash Risk: Remote Denial of Service Possible

CVE-2025-61616

In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional executi...

7.5

NRF Modem Remote Crash Vulnerability

CVE-2025-61615

In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional executi...

7.5

Nordic Router Modem Crashes with Malicious Input

CVE-2025-61614

In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional executi...

7.5

NR Modem Crashes with Malformed Input

CVE-2025-61613

In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional executi...

7.5

WordPress Plugin nr Modem Crashes Due to Poor Input Handling

CVE-2025-61612

In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional executi...

7.5

Apache Modem Vulnerability Allows Remote Denial of Service

CVE-2025-61611

In modem, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed.....

7.5

UBR's wwwupdate.cgi endpoint leaks session tokens in URLs

CVE-2025-41772

An unauthenticated remote attacker can obtain valid session tokens because they are exposed in plaintext within the URL parameters of the wwwupdate.cg...

7.5

Delta Electronics COMMGR2 Software Can Crash Under Certain Conditions

CVE-2026-3631

Delta Electronics COMMGR2 has Buffer Over-read DoS vulnerability....

7.5

Ivanti Endpoint Manager: Unauthenticated Credential Data Exposure

CVE-2026-1603

Ivanti Endpoint Manager (EPM) contains an authentication bypass using an alternate path or channel vulnerability that could allow a remote unauthentic...

7.5 KEV

VMware Workspace One UEM allows unauthenticated access to sensitive info

CVE-2021-22054

Omnissa Workspace One UEM formerly known as VMware Workspace One UEM contains a server-side request forgery (SSRF) vulnerability that could allow a ma...

7.5 KEV

Glances TimescaleDB Export Allows Remote Code Execution

GHSA-x46r-mf5g-xpr6 CVE-2026-30930

### Summary The TimescaleDB export module constructs SQL queries using string concatenation with unsanitized system monitoring data. The normalize() ...

7.3

Keygraph Shannon: Hard-coded API key in router configuration

CVE-2026-29023

Keygraph Shannon contains a hard-coded API key in its router configuration that, when the router component is enabled and exposed, allows network atta...

6.9

League Commonmark: Unfiltered HTML Injection via Malformed Markdown

UBUNTU-CVE-2026-30838

league/commonmark is a PHP Markdown parser. Prior to version 2.8.1, the DisallowedRawHtml extension can be bypassed by inserting a newline, tab, or ot...

7.3

Budibase: Malformed Shell Commands Can Execute Malicious Commands

GHSA-726g-59wr-cj4c CVE-2026-25041

Budibase is a low code platform for creating internal tools, workflows, and admin panels. In 3.23.22 and earlier, the PostgreSQL integration construct...

8.6

URGENT: High-Risk Update Signature Bypass in UBR Web Interface

CVE-2025-41767

A high-privileged remote attacker can fully compromise the device by abusing an update signature bypass vulnerability in the wwwupdate.cgi method in t...

7.2

Comfast CF-AC100: Remote Attack Possible Through Malicious Ping Configuration

CVE-2026-3798

A vulnerability was detected in Comfast CF-AC100 2.6.0.8. This affects the function sub_44AC14 of the file /cgi-bin/mbox-config?method=SET&section=pin...

5.1